Closed innerop closed 1 year ago
I found some privileged functionality protected by the pwd
Like https://github.com/m1k1o/neko/blob/master/server/internal/http/http.go#L86
But not able to find where the password is checked to allow or not allow login.... Will keep looking
We use viper that loads configuration from multiple sources, also from env. You can read about it more e.g. here: https://dev.to/techschoolguru/load-config-from-file-environment-variables-in-golang-with-viper-2j2d
Difference between admin and user is, that admin can:
Screen size:
Locks:
Context menu for user (right click on avatar):
Broadcast (in settings):
Yes, current documentation could be better. There are many things as comments in issues, it would be nice to go through it all and put it on a page.
P.S.: Its checked here: https://github.com/m1k1o/neko/blob/b2080649ea50d942c3e9887813d867edbfc21052/server/internal/websocket/websocket.go#L365-L384
Yes on the need to update the docs, just not very good at docs myself, but I'll try and see if I have any time, when I free up. Thank you so much for all this info. At least it's here now in the issues.
Hi,
I searched this repo for all occurence of NEKO_PASSWORD to see how the access control mechanism is implemented. I could only find references in Dockerfile for base, docker-compose.yaml and some docs. Where in the code does it test if the entered value == NEKO_PASSWORD? is it in the frontend code? I can't seem to be able to find the place in the code where the test is performed, and where in the code it recognizes that the user is admin or regular?
A related question: what is the difference between admin and user? I can't tell. I get the same features it seems. Is the difference documented?